BouncyCastle CMSSignedDataStreamGenerator更改符号上的数据
[英]BouncyCastle CMSSignedDataStreamGenerator changes data on sign
问题描述
I have the following java code (BouncyCastle 1.48): 
我有以下Java代码(BouncyCastle 1.48):
CMSSignedDataStreamGenerator generator = new CMSSignedDataStreamGenerator();
generator.addSignerInfoGenerator(signerInfoGenerator);
generator.addCertificates(certStore);
FileOutputStream fos = new FileOutputStream("D:\\Data\\Desktop\\Test\\singedData.txt");
OutputStream theSignedDataStream = generator.open(fos, true);
IOUtils.copy(new FileInputStream("D:\\Data\\Desktop\\Test\\unsignedData.txt"), theSignedDataStream);
Now: The data is signed and written to the signedData.txt file. 现在:对数据进行签名并将其写入signedData.txt文件。 The problem is that some characters are written wrong (the data is a mime container that has base64-encoded content). 问题在于某些字符写错了(数据是一个具有base64编码内容的mime容器)。 Here is a snippet from the data: 以下是数据片段:
ICAgIDxOQU1FLUFERFJFU1M+CiAgICAgICAgICA8TkFNRT4KICAgICAgICAgICAg
PExpbmUtMzU+TXVzdGVya3VuZGUgUGV0ZXIgSHV???,???èiZXI8L0xpbmUtMzU+CiAgICAg
ICAgICA8L05BTUU+CiAgICAgICAgICA8U1RSRUVUPgogICAgICAgICAgICA8TGlu
Where the ???,??? 哪里???,??? stands for [EOT],[ETX] (ascii control characters for 'end of transmission' and 'end of text'. In the original source-data, there is nothing where the wrong characters appear: ...SHV???,???éiZX... is originally ...SHViZHX... 代表[EOT],[ETX](“传输结束”和“文本结束”的ascii控制字符。在原始源数据中,没有出现错误字符的地方:... SHV ???, ???éiZX...最初是... SHViZHX ...
A second snippet: 第二个片段:
Content-Transfer-Encoding: base64
Content-Type: application/pdf
Content-[EOT]‚[ETX]Description: The PDF Title
Can anybody help me out here? 有人可以帮我吗? What am I doing wrong? 我究竟做错了什么?
Best regards, Florian 最好的问候,弗洛里安
1 个解决方案
解决方案1
0 2013-05-28 08:30:55
Do you understand that CMS SignedData is in ASN.1 format? 您是否了解CMS SignedData为ASN.1格式? This means there are extra fields and structural tags; 这意味着还有额外的字段和结构标签; your original data is encapsulated in this structure. 您的原始数据将封装在此结构中。 If you don't want to encapsulate the original data, but just produce a signature, then pass 'false' for the 'encapsulate' argument to open(). 如果您不想封装原始数据,而只是产生一个签名,则将'encapsulate'参数的'false'传递给open()。 ie generator.open(fos, false); 即generator.open(fos,false);
Of course, you may then need to send the original data along with the signature, depending on what you are trying to achieve. 当然,然后可能需要将原始数据与签名一起发送,具体取决于您要实现的目标。
If you are interested, the "every 1000 letters" is due to the generator breaking up your data "octet-string" into 1000-byte chunks, as part of the BER encoding produced by CMSSignedDataStreamGenerator (BER is one way of encoding an ASN.1 structure like SignedData). 如果您有兴趣,“每1000个字母”是由于生成器将数据“八位字节串”分成1000字节的块,这是CMSSignedDataStreamGenerator产生的BER编码的一部分(BER是对ASN进行编码的一种方法。 1个结构,如SignedData)。
I would also consider whether you should be signing the Base-64 encoding of your content, or perhaps the raw content bytes would be more appropriate. 我还将考虑是否应该对内容签名为Base-64编码,或者原始内容字节会更合适。 Obviously anyone trying to verify your signature would need to be clear on what exactly was signed. 显然,任何试图验证您的签名的人都需要清楚其签名的确切内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.